Forums
Main Category
General (Technical,...
Password Recovery S...
 
Notifications
Clear all

Password Recovery Software

 
Page 2 / 3
General (Technical, Procedural, Software, Hardware etc.)
Last Post by fkasperski 11 years ago
21 Posts
12 Users
0 Reactions
3,897 Views
RSS
 fraudit
(@fraudit)
Trusted Member
Joined: 13 years ago
Posts: 72
21/03/2014 12:59 am  

I've used both Passware and Elcomsoft password recovery suites and I've found Passware product quicker and more effective. An important thing is that I used both of them almost exclusively for recovering archive and office docs passwords, not other applications and/or system.


   
ReplyQuote
jaclaz
 jaclaz
(@jaclaz)
Illustrious Member
Joined: 18 years ago
Posts: 5133
21/03/2014 1:19 am  

I've used both Passware and Elcomsoft password recovery suites and I've found Passware product quicker and more effective. An important thing is that I used both of them almost exclusively for recovering archive and office docs passwords, not other applications and/or system.

Hmmm, unless you did some specific tests, I wonder how you gathered this impression. 😯

I mean ) , you have file xy.doc (or .zip or .docx or .xls or .xlsx).

You make a try at it's password with tool "a" using (say) a dictionary.
Tool "a" either manages to get the password or it does not.
If it does, I doubt that you will be going on the same file with tool "b". (you already got the password)
If it does not, you try (with the same dictionary) the same xy file with tool "b".

Tool "b" either manages to get the password or it does not.
If it does, tool "a" sucks big and tool "b" works fine.
If it does not either both tools suck big or your dictionary sucks big (or the password is a good, non dictionary word).

Same applies for bruteforcing.

You make a try at file xy with tool "a" using bruteforce.
Tool "a" either manages to get the password or it does not.
If it does, I doubt that you will be going on the same file with tool "b".(you already got the password)
If it does not, you try (with the same bruteforce pattern if any) the same xy file with tool "b"

Tool "b" either manages to get the password or it does not.
If it does, tool "a" sucks big and tool "b" works fine.
If it does not either both tools suck big or your pattern (if any) sucks big .

Can you detail your experience?

jaclaz


   
ReplyQuote
Passcovery
 Passcovery
(@passcovery)
New Member
Joined: 11 years ago
Posts: 2
23/03/2014 1:37 pm  

If the user is armed with password management tools, like Password Safe, KeePass, WISeID and others, that will create 20-character random passwords for you … no dictionaries in the world will help.

Yes, roughly speaking, it is so. If a password was generated following some rules and they can be set in the searching scenario, the password will be found. If it is a long "synthetic" password from a password manager, we can say there are no chances.

Rainbow Tables exist for protection with a short encryption key (for example 40-bit Excel/Word 97-2003 (.xls/.doc files)). And services for document decryption based on them exist. It's not obligatory to have the tables.

Recovery of passwords on GPU (AMD video cards are better) really increases the searching speed by times. It can be applied for many formats. Our software supports Office 2007-2013, OpenOffice, ZIP, RAR, TrueCrypt, Apple iOS/Blackberry OS back-ups, WPA/WPA2 handshakes.

Hmmm, unless you did some specific tests, I wonder how you gathered this impression. 😯

I mean ) , you have file xy.doc (or .zip or .docx or .xls or .xlsx).

We carried out almost the same testing for Office (details). It was long ago but the situation hasn't changed in principle. If visitors are interested in it, we can carry out tests again.


   
ReplyQuote
jaclaz
 jaclaz
(@jaclaz)
Illustrious Member
Joined: 18 years ago
Posts: 5133
23/03/2014 7:34 pm  

We carried out almost the same testing for Office (details). It was long ago but the situation hasn't changed in principle. If visitors are interested in it, we can carry out tests again.

Yes, I believe that independent tests would be useful.

With all due respect ) , the same tests published by the vendor of the one or the other tool may or may not be as much relevant.

jaclaz


   
ReplyQuote
Passcovery
 Passcovery
(@passcovery)
New Member
Joined: 11 years ago
Posts: 2
24/03/2014 3:12 pm  

Yes, I believe that independent tests would be useful.
With all due respect ) , the same tests published by the vendor of the one or the other tool may or may not be as much relevant.
jaclaz

You asked for documents, software and indexes. All that is in the article. And we are proud of the optimization of our software coding that allowed us to get these values. )


   
ReplyQuote
jaclaz
 jaclaz
(@jaclaz)
Illustrious Member
Joined: 18 years ago
Posts: 5133
24/03/2014 5:16 pm  

You asked for documents, software and indexes.

No, I did not.
I simply underlined how fraudit's report was, without some corroborating data, a (much respected ) ) opinion (or, if you prefer, anecdotal evidence), and asked if he could share the details of his experience.

Additionally he provided two different measures

  • quicker
  • more effective

Whilst the first is measurable through tests, the second is not, in the sense that it is pretty much binary
0 -> the tool at hand CANNOT retrieve the password (
1 -> the tool at hand CAN retrieve the password )

Now, is the second "more effective"? Or is the first "less effective"?

IMHO, no, the second does whatever it is supposed to do and is "effective" (i.e. it works), whilst the first is "ineffective" (i.e. it doesn't work).

All that is in the article. And we are proud of the optimization of our software coding that allowed us to get these values. )

And I am very happy ) that you managed to optimize your software and that in your tests it came out as the faster one among those tested (when brute-forcing).

The note was only for making "full disclosure", the site
http//passwordexperts.com/
is connected to
http//passwordrecoverytools.com/
i.e. the makers of the "Accent" line of password recovery tools, which is not a bad or a good thing per se, of course, but whenever a topic on this board touches a Commercial product, there is the risk of either some spam posts (like the one henrydcruz posted earlier) or some direct or indirect form of "astro-turfing", hence the need for "full disclosure" when a post comes from someone connected to the Authors of a Commercial tool.

jaclaz


   
ReplyQuote
Jamie
 Jamie
(@jamie)
Moderator
Joined: 5 years ago
Posts: 1288
24/03/2014 5:23 pm  

there is the risk of either some spam posts (like the one henrydcruz posted earlier)

Now removed, please (everyone) don't hesitate to notify me of this kind of thing if you notice it - as much as I'd like to, I can't check every post 😉

hence the need for "full disclosure" when a post comes from someone connected to the Authors of a Commercial tool.

This is absolutely correct - "full disclosure" is always required and appreciated in these cases.


   
ReplyQuote
 fraudit
(@fraudit)
Trusted Member
Joined: 13 years ago
Posts: 72
25/03/2014 5:49 pm  

Can you detail your experience?

Of course I haven't performed any formal tests - this is purely subjective opinion.

However, I was able to recover the desired passwords quicker with Passware product using the same recovery method - usually brute force with stated password characters number range and characters types (though I'm unable to say that it took X seconds / minutes less since I didn't measure it). The outcome was the same - both tools were successful in most cases, but the conditions of their runs were certainly not the same, even though I run them mostly when editing a document.

About the effectiveness - I just feel "better" using Passware - its interface is more intuitive to me and I always find everything I need in the place I expect to. Again this is a matter of my personal preference. Another thing is that Passware is a single product not a suite as Elcomsoft.

The question was about suggestions, not about formal tests results ) But I understand and respect jaclaz's view I might have stated directly it was my opinion.


   
ReplyQuote
Jamie
 Jamie
(@jamie)
Moderator
Joined: 5 years ago
Posts: 1288
26/03/2014 5:37 pm  

Topic split -> Excel VBA passwords


   
ReplyQuote
 fkasperski
(@fkasperski)
Active Member
Joined: 13 years ago
Posts: 10
02/04/2014 5:59 am  

I have used the Passware Forensic package for a few years now.

A few items of interest in cracking passwords with the Passware Forensic pkg are

1. the forensic edition comes with 5 free client licenses.

If you have extra PC's available then you can network them together with the main PC running the installed passware program. The other 5 PCs run the passware client licenses.
The password cracking job is time shared by all of these connected PCs.

Or if you have permission to use an existing network of PCs then you could
have the passware installed on one PC and then install the client licenses on 5 other PCs.

2. Passware uses both the CPU of your PC along with the GPU of your video card.
It used to be that only Nvidia GPUs were supported, but now ATI GPU video cards are also supported.

3. If you have the available funds to expend toward cracking the passwords you are after,
you can utilize Amazon's EC2.
The passware options box offers a choice to use EC2.
Within that option is the choice to select up to 8 sets of two boxes.
Each set of boxes is for entering
a. Instance Public DNS
b. Instance authentication key


   
ReplyQuote
Page 2 / 3
Forum Jump:
  Previous Topic
Next Topic  
Share: